diff --git a/nixos/mirai/configuration.nix b/nixos/mirai/configuration.nix
index 43f2525b..fd9de0e0 100644
--- a/nixos/mirai/configuration.nix
+++ b/nixos/mirai/configuration.nix
@@ -17,6 +17,9 @@
   sops.secrets."nextcloud/adminpass" = {
     owner = config.users.users.nextcloud.name;
   };
+  sops.secrets."llama/user" = {
+    owner = config.users.users.llama.name;
+  };
 
   # Use the systemd-boot EFI boot loader.
   boot.loader.systemd-boot.enable = true;
diff --git a/nixos/mirai/services.nix b/nixos/mirai/services.nix
index 39fa7a01..6f4bda8e 100644
--- a/nixos/mirai/services.nix
+++ b/nixos/mirai/services.nix
@@ -64,6 +64,9 @@
     '';
     virtualHosts."llama.darksailor.dev".extraConfig = ''
       reverse_proxy localhost:3000
+      basicauth / {
+        import htpasswd ${config.sops.secrets."llama/user".path}
+      }
     '';
   };
 }
diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml
index db1a8898..ca759850 100644
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@@ -1,5 +1,7 @@
 nextcloud:
     adminpass: ENC[AES256_GCM,data:v9WXJ3Ig5NcWd+02P8VnaNkMy2yfEQ==,iv:LfS0avmRZfjdqjNE69h7L90ePzzdmtP57X+0U1vAMvs=,tag:Dq90tfGAUyqzTW3oM96IRg==,type:str]
+llama:
+    user: ENC[AES256_GCM,data:ig6DC0oTL5ASh6eBIRr2MjKjr1H8I+GOtEd4hD5QOjIb+9XSxWzNPEImDBy5,iv:AH+8QuGRNYveVMiM2Tnu2vP9KA0v5NhqoxjGjhPXoR4=,tag:yswGFV/EpPvB4ASnNH9EWQ==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -15,8 +17,8 @@ sops:
             VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK
             ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-11-20T14:43:08Z"
-    mac: ENC[AES256_GCM,data:j7sIw6/cKbNSRXSjAxZsDvIe5ZPnZ5YioGno33E0WWNYPohj9YtEwzi8ik59aynzSIQf3Usj76c2QMqwgjAFuaVIK5E3ASPGF2Tq4CAczNPPu3q1Kl1ZfEOGNd2nb0t3Zi0EKNE68BRCTAHJw5+UzDEDhPct1QrVlq8MfZSO494=,iv:bLNaaxnZlx8Ffvf9ohcMPDhe1jqGofL91DX1dwUHi2c=,tag:gb0aDWJFC3LX9HkaLoUgZg==,type:str]
+    lastmodified: "2024-11-22T08:57:58Z"
+    mac: ENC[AES256_GCM,data:anG00AmaO5cKTp/uIKPMw296e3cuNKq0oijvqi54V1F3kULbU5oNCHHvgnRXeBWH9lmHW6uaoV+4sP58zSWHI2njE258EXThnZgBGR30lj+Trf2WY7w7EgzKtytlNngsK/1qfsA/E8OQ58+pLfLoXbxvFYniSCkMDvSmlKOMAj0=,iv:zkJjQGGNq+5gP3FP9FA3D0g0JrJwGG/JcxVmZL/PJsE=,tag:ZjyRoQhVgqAXgaNCAey3mQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.9.1